Security NewsWatch


A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.


In this issue — July 20, 2016

  • Terrorists Kill, Injure 875 People Thus Far in 2016
  • Report: More, stronger cyber attacks to flood networks
  • Nation-State Energy Grid Malware Bypasses Cyber, Physical Security
  • Study: Businesses Are Failing to Plan for Cyber Dangers
  • Inside Look at a CYBERCOM Dress Rehearsal
  • Now Ransomware Takes Aim at Business Networks
  • Cyber Mission Force Nearly Ready for Action
  • Chinese Hacker Sentenced for Stealing Military Info
  • The Threat-Hunter’s Guide to Securing the Enterprise
  • China Suspected in FDIC Breaches

Terrorists Kill, Injure 875 People Thus Far in 2016 (Sputniknews.com, 7/20/16)

A wave of attacks in just over a month has helped the Daesh terror group set new records for plots, attacks and the number of people injured, already surpassing the carnage of 2015, according to a US House of Representatives Homeland Security Committee report titled Terror Gone Viral released on Wednesday.

The report cited 34 Daesh plots thus far in 2016, compared with 48 attempts in all of 2015, and 875 people killed or injured as of July, compared with 750 casualties in all of last year. Sunday’s attack in the French city of Nice killed 84 and injured more than 300. Part of the report focused on government targets, including police, which takes on added relevance given this month’s killings of five officers in the US state of Texas and three in the state of Louisiana by lone gunmen.

Report: More, stronger cyber attacks to flood networks (Thehill.com, 7/19/16)

A popular cyber attack used to clog victims’ internet connections is being used more frequently at far higher strengths, according to a new report.  An Arbor Networks report released Tuesday said it detected a drastic increase in the number of so-called distributed denial of service attacks, and more attacks capable of taking down large networks.  Distributed denial of service attacks (usually abbreviated DDoS) overflow a server with traffic by using hundreds or thousands of computers to simultaneously try to connect to it. The technique can be used to crash websites, communications networks, even networked video games – including, recently, Pokemon Go.

Nation-State Energy Grid Malware Bypasses Cyber, Physical Security (Info Security, 7/15/16)

Security researchers have discovered new malware designed to bypass traditional physical and cybersecurity which could be used in an attack to shut down an energy grid.  The researchers said the malware has already been used to attack at least one energy company.

They also revealed that it’s likely to have been designed by an eastern European nation state, based on its sophistication, the “extreme measures it takes to evade detection,” and the fact it exhibits behavior seen in previous nation-state rootkits.

Study: Businesses Are Failing to Plan for Cyber Dangers (CSO, 7/15/16)

Only 22% of companies have a comprehensive plan in place to deal with major cybersecurity incidents, according to a new survey from KPMG and British Telecom.  Meanwhile, 97% said they have been the victims of a digital attack, and 55% said that they have seen an increase in cyberattacks.

“Our research is showing us that people don’t have a plan that they can turn to if they are under considerable attack,” said BT Americas CISO Jason Cook.  In particular, a good plan should include more than just the IT department, he said.  The plan also has to be continuously reviewed to adapt to the changing security landscape, he added — it’s not enough to come up with a plan and then not look at it again.

Inside Look at a CYBERCOM Dress Rehearsal (NextGov, 7/15/16)

During a recent hack attack drill, Cyber Command troops botched an attempt to stop compromised energy machinery from leaking oil – and that was the intention, the Pentagon says.  “We do that because at the point of failure, that’s where learning will occur,” Rear Adm. Kevin Lunday, CYBERCOM director of exercises and training, told a small group of reporters.

Lunday supported the annual “Cyber Guard” practice session with civilians and an all-military “Cyber Flag” session.  Key to both exercises is the nascent “persistent training environment,” or PTE, a closed network with a so-called transport layer that connects players at various locations.  CYBERCOM troops in Fort Meade, Maryland, San Antonio, Texas, and overseas locations, among other places, participated in Cyber Flag.

Now Ransomware Takes Aim at Business Networks (ZDNet, 7/15/16)

Crypto-ransomware is becoming an increasing problem for businesses as cybercriminals are turning their attention to using these attacks to target corporate networks.  Cyber-criminals are aware that this method of attack is working and are increasingly deploying it: according to a new Kaspersky Labs report on ransomware, the number of corporate users attacked with ransomware has increased by over six times with 718,000 victims in the last year compared to 131,000 during the previous 12 months.

Previously, ransomware attacks had largely ignored corporate networks, with hackers instead choosing to target home users.  While home users still make up the vast majority of ransomware victims, corporate users now account for over one in ten infected.

Cyber Mission Force Nearly Ready for Action (Info Security, 7/15/16)

The military’s Cyber Mission Force will finally be ready for action by the end of September, according to U.S. Cyber Command and NSA boss, Admiral Michael Rogers.  The new elite cyber force will eventually contain over 6,000 operatives split into 133 groups, which will be tasked with both offensive and defensive missions.

Unusually for a military endeavor, troops will be deployed before the unit has been completely staffed, Rogers said.  “We find ourselves in a situation a little unusual in the military arena.  As soon as we get a basic framework, we are deploying the teams and putting them against challenges,” he noted.  “We’re in a race to make sure we are generating capacity and capability, and that we are doing it faster than those who would attempt to do harm to us.”

Chinese Hacker Sentenced for Stealing Military Info (BBC, 7/14/16)

A Chinese businessman who pleaded guilty to hacking sensitive military information has been sentenced to nearly four years in prison.  Su Bin admitted collaborating with hackers in the Chinese military to steal data from U.S. defense companies between 2008 and 2014.

Su was arrested in Canada in 2014 and extradited to the U.S.  The Chinese government has repeatedly denied any involvement in hacking foreign companies or governments.  In addition to the 46-month prison sentence, the Los Angeles court also ordered Su to pay a $10,000 fine.

The Threat-Hunter’s Guide to Securing the Enterprise (CSO, 7/14/16)

It’s time to face facts: Attackers are stealthy enough to evade your monitoring systems.  If you’re sitting back waiting for alarms to go off, there’s a good chance you’re already hosed.  Despite spending more than $75 billion on security products and services, enterprises are frequently compromised, highly sensitive data is stolen, and the fallout can be devastating.

Worse, enterprises don’t discover they’ve been breached for weeks to months after initial compromise, taking between 120 and 200 days on average to even detect an attack.  That’s a six-month head start on reconnaissance and exploitation.

China Suspected in FDIC Breaches (Government Info Security, 7/13/16)

The Chinese government likely was responsible for the hacking of computers at the Federal Deposit Insurance Corp. in 2010, 2011, and 2013, according to a new congressional report.  Public disclosure of those breaches in the congressional report comes as the FDIC inspector general issued a new audit report that criticizes the agency for continued lax information security practices.

The interim report says a foreign government, “likely the Chinese,” penetrated computers and the workstations used by high-level FDIC officials, including chairwoman Sheila Bair, who ran the agency from 2006 until 2011, as well as a former chief of staff and former general counsel.  Hackers compromised 12 workstations and also penetrated 10 servers and infected them with a virus, the report notes.